[c-nsp] Granularity for BFD in CoPP policy

Nathan Lannine nathan.lannine at gmail.com
Thu Oct 31 12:19:59 EDT 2019


If "echo" is used, I think you might need something like the following,
replicating the ACEs exactly on each side.

//

permit udp <side1> <side2> eq 3784
permit udp <side1> <side2> eq 3785
permit udp <side2> <side1> eq 3784
permit udp <side2> <side1> eq 3785
permit udp <side1> eq 3784 <side2>
permit udp <side1> eq 3785 <side2>
permit udp <side2> eq 3784 <side1>
permit udp <side2> eq 3785 <side1>

//


On Thu, Oct 31, 2019 at 11:42 AM Drew Weaver <drew.weaver at thenap.com> wrote:

> Howdy!
>
> I have noticed that if I put:
>
> permit udp any any eq 3784
> permit udp any any eq 3785
>
> Into a CoPP policy, this makes BFD function between two systems.
>
> If I try to get specific and use the source and destination addresses of
> the two systems, BFD flaps wildly.
>
> I would assume, most likely foolishly, that the NeighAddr listed in 'sh bfd
> nei' would be the source IP of the BFD packets but it appears that I am
> mistaken.
>
> Any ideas?

